Overview
This document provides a comprehensive mapping of all Role-Based Access Control (RBAC) permissions available in the ClinicalDataS platform. Administrators can use this matrix to configure granular access for System Administrators, Study Managers, Monitors (CRAs), and Site Coordinators (CRCs).
Note: Permissions follow a
module.actionormodule.submodule.actionnaming convention. Standard CRUD actions (list,view,add,update,delete,lock,unlock,remove,restore) are grouped where applicable for brevity.
️ System & Administration
Permissions governing global system configuration, user management, and audit logging.
| Permission Key | Functional Description |
|---|---|
system.list | View the System Settings menu. |
system.update | Update global system configurations (URL, branding, file limits). |
system.sendTestEmail | Send test emails to verify SMTP configuration. |
system.resendEmail | Resend failed or bounced system notification emails. |
system.testAmazon | Test the connection to the AWS S3 cloud storage. |
system.adminOnGoogleAuthenticator | Enable 2FA (Google Authenticator) for user accounts. |
system.adminOff2FA | Disable 2FA for user accounts (e.g., if they lose their device). |
administration.list | Access the main Administrations dashboard. |
user.* | User Management: list, view, add, configure, update, delete, lock, unlock, remove, restore. Manage user accounts, profiles, and statuses. |
role.* | Role Management: list, view, add, configure, update, delete, lock, unlock, remove, restore. Define and assign system and study roles. |
loginLog.* | Audit Login: list, view, add, configure, update, delete, lock, unlock, remove, restore. View and manage system login history. |
emailLog.* | Email Log: list, view, add, configure, update, delete, lock, unlock, remove, restore, resend. Monitor and manage automated system emails. |
auditLog.* | Audit Trail: list, view, add, configure, update, delete, lock, unlock, remove, restore. Access system-wide audit logs. |
Study & Site Management
Permissions for creating, configuring, and managing clinical studies and research sites.
| Permission Key | Functional Description |
|---|---|
study.* | Study Lifecycle: list, view, add, configure, update, delete, lock, unlock, remove, restore, changeStatus, goLive. Manage study metadata and status transitions. |
study.mobileSetting | Configure mobile application settings for the study. |
study.phiSetting | Configure PHI (Personally Identifiable Information) masking rules. |
study.configureDynamicGroup | Set up dynamic subject group classes for adaptive trials. |
study.subjectGroupClass.create | Create new subject group classes (treatment arms). |
study.subjectGroupClass.reorder | Reorder the display sequence of subject group classes. |
site.* | Site Management: list, view, add, create, configure, update, delete, lock, unlock, remove, restore. Manage participating research sites and site-level users. |
eventDefinition.* | Event Definition: list, view, add, configure, update, delete, lock, unlock, remove, restore. Define study visits, events, and CRF assignments. |
application.* | App Management: install, uninstall, settings. Install or remove study modules (e.g., Randomization, IMP) and configure their global settings. |
Subject & Data Entry
Permissions related to subject enrollment, clinical data capture, and file management.
| Permission Key | Functional Description |
|---|---|
subject.* | Subject Lifecycle: list, view, add, enroll, update, delete, lock, unlock, remove, restore, reassign. Manage subject records and site assignments. |
subject.view.phi | View unmasked Personally Identifiable Information (PHI) for subjects. |
subject.auditLog | View the audit history for a specific subject. |
subject.attachments.add | Upload new files to a subject's record. |
subject.uploadFile | General permission to upload files within the subject module. |
subject.invitation.add | Send invitations to subjects (e.g., for eConsent or Surveys). |
subject.event.add | Add unscheduled or simple occurrences to a subject's visit schedule. |
subject.eventCrf.add | Add new CRF forms to a subject's event. |
subject.eventProduct.add | Assign IMP products to a specific subject event. |
subject.groupClass.* | Group Class: update, remove, restore. Manage a subject's assigned treatment arm or cohort. |
subject.randomize | Perform randomization for an enrolled subject. |
subject.requestUnRandomize | Request to un-randomize a subject. |
subject.approveUnRandomize | Approve an un-randomization request. |
subject.rejectUnRandomize | Reject an un-randomization request. |
subject.requestUnBlinding | Request to unblind a subject's treatment assignment. |
subject.approveUnBlinding | Approve an unblinding request. |
subject.rejectUnBlinding | Reject an unblinding request. |
subject.sign / subject.unSign | Sign or un-sign a subject's record to lock data. |
subject.verifySourceData | Perform Source Data Verification (SDV) on a subject. |
dataEntry.* | Data Entry: view, enter, delete, lock, unlock, remove, restore. Core permissions for filling out and managing CRF data. |
dataEntry.attachmentsAdd | Attach files directly within the Data Entry interface. |
dataEntry.medicalCodingUncode | Remove or revert medical coding assignments in data entry. |
dataEntryDashboard.* | Dashboard Views: viewEnrollmentStatusPerSite, viewEventStatus, viewEventStatusDetails, viewQueries, viewQueriesPerCRF, viewSubjectStatus. Access specific charts on the Study Home dashboard. |
attachment.* | File Management: view, awsS3, update, delete, lock, unlock, remove, restore. Global permissions for managing file attachments across the system. |
Clinical Operations
Permissions for Screening, SDV, Queries, Medical Coding, Surveys, and Monitoring.
| Permission Key | Functional Description |
|---|---|
screening.* | Screening: list, view, add, configure, update, delete, lock, unlock, remove, restore, enroll, reject. Manage the subject screening process. |
screening.consentConfigure | Configure eConsent settings and templates. |
screening.consentView | View eConsent forms and signatures. |
screening.participantConsent.* | Participant Consent: lock, unlock. Manage the locking state of participant consent forms. |
screening.participantGroup.* | Participant Groups: invite, update, delete. Manage participant groups for surveys or eConsent. |
screening.signatureCreate | Create or capture digital signatures for screening forms. |
sourceDataVerification.* | SDV: view, viewEventCrfs, viewStudySubjects, add, configure, update, delete, lock, unlock, remove, restore, setting.update. Perform and configure Source Data Verification. |
sourceDataVerification.verify* | Verify Actions: verifyEventCrfs, verifyItems, verifyStudySubjects. Mark specific data points as verified. |
sourceDataVerification.unVerify* | Un-verify Actions: unVerifyEventCrfs, unVerifyItems, unVerifyStudySubjects. Revert verified data points. |
query.* | Query Management: list, view, addQueryType, close, reply, configure, setting.update. Create, reply to, and resolve data discrepancies. |
medicalCoding.* | Medical Coding: list, view, add, search, autoCode, codeAndAlias, saveCodedItem, update, delete, lock, unlock, remove, restore, configure, terms.list. Assign and manage MedDRA/WHODrug codes. |
medicalCoding.*Alias | Alias Management: addAlias, deleteAlias, listAlias, updateAlias, viewAlias. Manage custom coding aliases. |
survey.* | Survey Module: add, configure, update, delete, dataEntry, attachments. Manage survey packages and participant data entry. |
survey.package* | Survey Packages: packageAdd, packageUpdate, packageDelete. Create and manage survey package configurations. |
monitoringVisit.* | Monitoring Visit: list, view, add, configure, update, delete, lock, unlock, remove, restore. Manage monitoring visits and reports. |
monitoringVisit.comment.write | Write comments on monitoring visit reports. |
monitoringVisit.issue.* | Issue Management: write, created, assigned, closed, overdue, reopened. Track and resolve monitoring issues. |
monitoringVisit.noteToFile.write | Add notes to specific files in the monitoring report. |
monitoringVisit.query.linked | Link queries to monitoring visit findings. |
monitoringVisit.report.* | Report Status: created, reopened, signed. Manage the lifecycle of the monitoring PDF report. |
monitoringVisit.review.write | Write review notes on the monitoring report. |
monitoringVisit.sdv.updated | View or trigger updates to SDV status within the monitoring module. |
monitoringVisit.statistics.admin | Access advanced monitoring statistics and charts. |
monitoringVisit.status.* | Status Control: change, setApproved, setFinalized, setReviewed. Advance the monitoring visit through its workflow stages. |
Investigational Medicinal Product (IMP)
Granular permissions for the end-to-end IMP supply chain, from warehouse to site dispensing.
| Permission Key | Functional Description |
|---|---|
imp.configure | Access and modify global IMP study settings. |
imp.update / imp.operation | General update and operational permissions for IMP modules. |
imp.dashboard.view | View the IMP Dashboard (Warehouse/Site Pharmacy). |
imp.warehouse.* | Warehouse Config: add, update, delete. Manage central warehouse locations. |
imp.measures* | Unit of Measure: measuresAdd, measuresUpdate, measuresDelete. Configure product units and ratios. |
imp.products* | Product Config: productsUpdate, productsDelete. Manage IMP product definitions. |
imp.lots* | Lot Management: lotsUpdate, lotsDelete. Manage product lot numbers. |
imp.ipcode.* | IP Code Management: add, read, update, delete, assign, unassign, dispense, import, validate, quarantine. Manage randomization IP codes. |
imp.receipt.* | Receipts: add, read, update, delete, approve, cancel, reject, validate. Manage incoming drug shipments at the site. |
imp.deliveryToSite.* | Site Delivery: add, read, update, approve, cancel, confirm, reject, ship, validate. Manage the workflow of shipping drugs to sites. |
imp.dispense.* | Dispensing: view, approve, reject. Approve or reject drug dispensing requests for subjects. |
imp.internal* | Internal Transfers: Add, View, Update, Delete, Approve, Cancel, Attachments. Manage internal drug transfers between locations. |
imp.wasteSite.* | Site Waste: add, update, delete, approve, cancel, attachments. Record and approve drug waste at the site level. |
imp.wasteWarehouse.* | Warehouse Waste: add, approve, cancel, delete, attachments. Record and approve drug waste at the warehouse level. |
imp.siteRequest* | Site Requests: siteRequest, siteRequest.cancel. Create or cancel IMP requests from the site. |
imp.sponsorRequest.* | Sponsor Requests: sponsorRequest, sponsorRequest.createFromSite, update, updateDetailed, cancel, confirm, confirmSite, confirmWarehouse, attachments. Manage sponsor-level delivery requests. |
imp.sponsorDeliveryRequest.create | Create a new delivery request directly as the Sponsor. |
imp.returnRequest.* | Return Requests: add, addBySponsor, read, update, approve, cancel, confirm, dispatch, prepare, receive, reject, validate. Manage the workflow for returning IMP to the warehouse. |
Randomization & Study Events
Permissions for randomization algorithms, dashboards, and study event management.
| Permission Key | Functional Description |
|---|---|
randomization.configure | Configure randomization algorithms, stratification, and study groups. |
randomization.view / list | View randomization lists and subject assignments. |
randomization.randomize | Execute the randomization process for a subject. |
randomization.generateRandomization | Generate the master randomization list/codes. |
randomization.importRandomizationCodes | Import external randomization codes via file. |
randomization.accessSourceList | Access the unblinded source randomization list (restricted). |
randomization.canViewTreatment | View the actual treatment arm assigned to a subject. |
randomization.unblinding | Perform unblinding actions for a subject. |
randomization.unblindingRequest.* | Unblind Requests: request, approve, reject. Manage the unblinding approval workflow. |
randomization.unRandomizedRequest.* | Un-randomize Requests: request, approve, reject. Manage the un-randomization approval workflow. |
randomization.dashboard.* | Dashboards: viewDashboards, viewRandomizationCode, viewRequest, dashboard.site, dashboard.treatment, dashboard.activeTreatment. Access randomization statistics and charts. |
randomization.*Code/Request | Code/Request Mgmt: add, update, delete, remove, restore, lock, unlock, listRequests, listRandomizationCodes, updateRandomizationCode, removeRandomizationCode, updateRequest, deleteRequest. |
randomization.definitionProducts | Link IMP products to randomization treatment arms. |
studyEvent.* | Study Events: list, view, add, configure, update, delete, lock, unlock, remove, restore, statuses, attachments, crfs. Manage event definitions and occurrences. |
studyEvent.addSimpleOccurrence | Add a simple, unscheduled occurrence to an event. |
studyEvent.signCrf / unSignCrf | Sign or un-sign CRFs within a study event. |
studyEvent.updateSubject | Update subject-level data from the event context. |
studyEvent.updateCrf | Update CRF definitions within an event. |
studyEvent.eventProducts | Manage products associated with an event. |
studyEvent.generateSerialNumber | Generate serial numbers for IMP products in an event. |
studyEvent.regenerateSerialNumber | Regenerate serial numbers if an error occurs. |
studyEvent.updateProduct | Update product details within an event. |
studyEvent.deleteDefinitionProduct | Remove a product from an event definition. |
️ Study Build Tools
Permissions for the Form Builder and Rule Studio applications.
| Permission Key | Functional Description |
|---|---|
formBuilder.* | Form Builder: list, view, add, configure, update, delete, lock, unlock, remove, restore. Design and manage CRF layouts and fields. |
ruleStudio.* | Rule Studio: list, view, add, configure, update, delete, lock, unlock, remove, restore. Create automated data validation rules. |
ruleStudio.activate | Activate a rule at the study level. |
ruleStudio.activateCrf | Activate a rule specifically for a CRF. |
ruleStudio.updateCrf | Update rule assignments for a specific CRF. |
ruleStudio.deleteCrf | Remove rule assignments from a specific CRF. |
casebook.* | Casebook: list, view, add, configure, update, delete, lock, unlock, remove, restore. Manage the subject casebook view. |
dataset.* | Dataset Extraction: list, view, read, configure, create, update, delete, lock, unlock, remove, restore, extract. Define and generate data extracts. |
dataset.exportPhi | Export datasets containing unmasked PHI data (highly restricted). |
dataset.exportDeidentified | Export datasets with PHI masked or removed. |
signature.* | Signatures: list, view, add, configure, update, delete, lock, unlock, remove, restore, viewEventCrfs, viewStudySubjects. Manage electronic signature workflows. |
⚖️ Compliance Note: Permissions such as
subject.view.phi,dataset.exportPhi, andrandomization.accessSourceListshould be strictly limited to authorized personnel (e.g., Unblinded Pharmacists, Principal Investigators, or Data Managers) to maintain compliance with HIPAA, GDPR, and ICH-GCP guidelines regarding data minimization and allocation concealment.